MyCERT is aware of the outbreak of a ransomware called as WannaCry. This ransomware is also referenced online under various names – WCry, WanaCryptor, WannaCrypt or Wana Decryptor. Ransomware is type of malware that infects computing platform and restricts users’ access until an amount of ransom is paid in order to unlock it. Victims got infected through emails that contains malicious attachment. Once the ransomware infected a system, the malware scans and infects other vulnerable systems within the network.

It exploits a vulnerability found in Windows, known as EternalBlue, that Microsoft patched in March (MS17-010). The vulnerability is in the Windows Server Message Block (SMB) service.

•Files on infected computer are encrypted and the owner is unable to access the files until a ransom of $300 worth of Bitcoin is paid.

•Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored. Figure 1 shows the ransomnote found on infected computer. Figure 2 shows the text file created by the ransomware that explaining what has happened and instructions on how to pay the ransom.

•WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file name:

g)Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline;

h)Maintain up-to-date anti-virus software;

i)Keep operating system and software up-to-date regularly with the latest patches;

j)Do not follow unsolicited web links in email;

k)Be extra careful when opening email attachments;

l)Follow best and safe practices when browsing the web.

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.